HIPAA Security Reminder of the Week

Sanction Policy

Both the HIPAA Security Rule and the HIPAA Privacy Rule require Covered Entities and Business Associates to document the disciplinary policy and apply sanctions against members of the workforce who violate the respective regulations.

Sanctions may be applied if you:

Access PHI that is not necessary for your job – this includes activities like viewing patient records, copying PHI, or printing PHI

Share your computer access credentials, such as your username and password, with others

Leave your computer unattended while still logged into systems and applications

Use or disclose PHI/ePHI without authorization

Discuss confidential information in a public area or in an area where the public could overhear the conversation

Discuss confidential information with an unauthorized person

Fail to cooperate with the Information Security Officer or Privacy Officer during an investigation, emergency situation, or similar incident

Fail to comply with a resolution team recommendation about your conduct

Sanctions may include:

Verbal Warning

Written Warning

Suspension

Termination

Ensure you know all the policies and what constitutes reasonable use of protected data for your job.

Contact your Privacy Officer, Security Officer or Department Manager to get more details.